Cluster LDAP Providers for Load Balancing or Failover

To create a cluster of security providers, first create a security provider configuration for a server you wish to include in the cluster. On the main security providers page, locate this security provider and click Upgrade to Cluster. This creates a cluster with one node. To add more servers to the cluster, click Duplicate Node. Edit the new node to point to a different server you want in this cluster.

When editing a cluster, you will see a section to modify the cluster settings.

Cluster Settings (Visible Only for Clusters)

Member Selection Algorithm

Select the method to search the nodes in this cluster.

Top-to-bottom first attempts the server with the highest priority in the cluster. If that server is unavailable or the account is not found, the next highest priority server is attempted. The search moves down through the list of clustered servers until either the account is found or it is determined that the account does not exist on any of the specified and available servers.

Round-robin is designed to balance the load between multiple servers. The algorithm choose at random which server to attempt first. If that server is unavailable or the account is not found, another random server is attempted. The search continues at random through the remaining servers in the cluster until either the account is found or it is determined that the account does not exist on any of the specified and available servers.

Retry Delay

Set how long to wait after a cluster member becomes unavailable before trying that cluster member again.

When editing a cluster node, you will see an option to override user schema settings defined by the cluster.

User Schema Settings

Override Cluster Values (Visible Only for Cluster Nodes)

If this option is unchecked, this cluster node will use the same schema settings as the cluster. If unchecked, you may modify the schema settings below.

To move a security provider from a cluster to a stand-alone security provider, click Create Copy. This copies the settings to a new, top-level security provider. You can then delete the originating node.